[__matrix_synapse] wire TLS certs, fix some templating errors

fnux 2021-02-17 14:01:06 +01:00
parent 37762dd1ca
commit 33bf0fd416
No known key found for this signature in database
GPG key ID: 4502C902C00A1E12
5 changed files with 27 additions and 2 deletions


@ -1,7 +1,8 @@
#!/bin/sh #!/bin/sh
# Note: template originally generated from synapse's 1.26.0 sample config. # Note: template originally generated from synapse's 1.26.0 sample config.
set -e
cat << EOF cat << EOF
############################################################### ###############################################################
# THIS FILE HAS BEEN GENERATED BY CDIST. DO NOT EDIT BY HAND. # # THIS FILE HAS BEEN GENERATED BY CDIST. DO NOT EDIT BY HAND. #
@ -49,8 +50,13 @@ pid_file: "${PIDFILE:?}"
# under the 'listeners' configuration, however this is a security risk: # under the 'listeners' configuration, however this is a security risk:
# https://github.com/matrix-org/synapse#security-note # https://github.com/matrix-org/synapse#security-note
# #
web_client_location: "${WEB_CLIENT_URL:?}" EOF
if [ -n "$WEB_CLIENT_URL" ]; then
echo "web_client_location: \"$WEB_CLIENT_URL\""
fi
cat << EOF
# The public-facing base URL that clients use to access this Homeserver (not # The public-facing base URL that clients use to access this Homeserver (not
# including _matrix/...). This is the same URL a user might enter into the # including _matrix/...). This is the same URL a user might enter into the
# 'Custom Homeserver URL' field on their client. If you use Synapse with a # 'Custom Homeserver URL' field on their client. If you use Synapse with a
@ -690,6 +696,7 @@ if [ -n "$DISABLE_FEDERATION" ]; then
fi fi
cat << EOF cat << EOF
# Report prometheus metrics on the age of PDUs being sent to and received from # Report prometheus metrics on the age of PDUs being sent to and received from
# the following domains. This can be used to give an idea of "delay" on inbound # the following domains. This can be used to give an idea of "delay" on inbound
# and outbound federation, though be aware that any delay can be due to problems # and outbound federation, though be aware that any delay can be due to problems
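Review bot: The added `echo "web_client_location: \"$WEB_CLIENT_URL\""` writes the parameter into a double-quoted YAML scalar without escaping, and under `#!/bin/sh` the way `echo` treats backslashes differs between shells, so a value containing `"` or `\` can yield a malformed or altered line in the generated homeserver config. `printf 'web_client_location: "%s"\n' "$WEB_CLIENT_URL"` avoids the echo portability problem. A value containing a double quote or a newline would still need to be rejected before it reaches the template, and nothing visible on this page does that. The surrounding heredoc starts and ends outside the hunk.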


@ -28,6 +28,12 @@ database-name
Path to database file if SQLite3 is used or database name if PostgresSQL is Path to database file if SQLite3 is used or database name if PostgresSQL is
used. used.
tls-cert
Path to PEM-encoded X509 TLS certificate.
tls-private-key
Path to PEM-encoded TLS private key.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
database-host database-host


@ -118,6 +118,11 @@ if [ -f "$__object/parameter/enable-server-notices" ]; then
export ENABLE_SERVER_NOTICES=1 export ENABLE_SERVER_NOTICES=1
fi fi
# TLS.
TLS_CERTIFICATE_PATH=$(cat "$__object/parameter/tls-cert")
TLS_PRIVATE_KEY_PATH=$(cat "$__object/parameter/tls-private-key")
export TLS_PRIVATE_KEY_PATH TLS_CERTIFICATE_PATH
# Performance flags. # Performance flags.
GLOBAL_CACHE_FACTOR=$(cat "$__object/parameter/global-cache-factor") GLOBAL_CACHE_FACTOR=$(cat "$__object/parameter/global-cache-factor")
EVENT_CACHE_SIZE=$(cat "$__object/parameter/event-cache-size") EVENT_CACHE_SIZE=$(cat "$__object/parameter/event-cache-size")
@ -205,6 +210,10 @@ ENABLE_MESSAGE_RETENTION_POLICY=$(get_boolean_for 'enable-message-retention-poli
MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime") MESSAGE_RETENTION_POLICY_MAX_LIFETIME=$(cat "$__object/parameter/message-max-lifetime")
export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME export ENABLE_MESSAGE_RETENTION_POLICY MESSAGE_RETENTION_POLICY_MAX_LIFETIME
# Previews.
ENABLE_URL_PREVIEW=$(get_boolean_for 'enable-url-preview')
export ENABLE_URL_PREVIEW
# Rate-limiting # Rate-limiting
RC_MESSAGE_PER_SECOND=$(cat "$__object/parameter/rc-message-per-second") RC_MESSAGE_PER_SECOND=$(cat "$__object/parameter/rc-message-per-second")
RC_MESSAGE_BURST=$(cat "$__object/parameter/rc-message-burst") RC_MESSAGE_BURST=$(cat "$__object/parameter/rc-message-burst")
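Review bot: The new `enable-url-preview` flag is exported as `ENABLE_URL_PREVIEW`, but nothing in this commit adds a parameter for the preview IP blacklist, and URL previews make the homeserver fetch user-supplied URLs. Synapse expects `url_preview_ip_range_blacklist` to be set whenever `url_preview_enabled` is true. Unless the template (its preview section is not among the visible hunks) already emits a list covering loopback and private ranges, turning this flag on either keeps the server from starting or lets preview requests reach internal addresses. I would add a comment above the assignment, `# Previews: synapse fetches remote URLs; the template must also emit url_preview_ip_range_blacklist.`, and state the same requirement in the man page entry for the flag.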


@ -16,3 +16,4 @@ ldap-use-starttls
user-directory-search-all-users user-directory-search-all-users
enable-message-retention-policy enable-message-retention-policy
worker-mode worker-mode
enable-url-preview


@ -2,3 +2,5 @@ server-name
base-url base-url
database-engine database-engine
database-name database-name
tls-cert
tls-private-key